|FTP settings (1/7)|
1. Secure FTP|
To enable SECTCP defenses for FTP, program entries must be added to two specific exit points,
QIBM_QTMF_SERVER_REQ and QIBM_QTMF_SERVER_LOG.
This is done by
- selecting Option 1 (Secure FTP) from the initial SECTCP Menu (see Figure 1), then
- selecting Option 1 (Add FTP exit programs) from the "Secure FTP" Menu (Figure 2).
On the next screen:
Secured FTP EASY400
Select one of the following and press Enter
1. Add FTP exit programs Not yet added
2. Rmv FTP exit programs
3. Work with user profiles
4. Work with allowed directories
5. Work with IP addresses
6. Active Defense Disabled
7. Start logging
8. End logging
9. Display log
10. Display 24 hrs rejections log
Your selection ==> __
F3=Exit F12=Previous F22=Command entry
|Figure 1 - "Secure FTP" Menu|
... just press Enter and you are done.
Secured FTP EASY400
Add FTP exit program
Program number _________1 1-2147483647
You should leave 1 for the program number, unless you already assigned
other exit points.
In case you do not know whether exit points were already assigned,
use command WRKREGINF, then select with 8 the following entries:
-If no exit program are yet assigned, then your program number must be 1
-If some exit programs are already assigned, then your program number
must be the next one.
|Figure 2 - Adding the FTP exit programs|
Make then sure to restart the FTP server:
- endtcpsvr *FTP
- strtcpsvr *FTP
2. Quick start|
At the beginning, before defining in detail the FTP settings you would like to work with,
it is a good practice to take some defaults and verify that FTP is still working.
Do the following:
Once this is done,
- Take option 4 (Work with allowed directories), then option 1 (Public allowed directories) and define as allowed directory the root directory /
- Take option 5 (Work with IP addresses), then option 1 (Work with Allowed IP Addresses) and and make sure that there are no entries
- Take option 5 (Work with IP addresses), then option 2 (Work with Privileged IP Addresses),
and define as privileged the generic IP address of your IBM i LAN (example: 195.126.) where local workstations are connected.
- Take option 5 (Work with IP addresses), then option 3 (Work with Excluded IP Addresses),
and add the IP address entry *ANY
- Take option 6 (Active Defense), then option 1 (Define your Active Defense strategy) and make sure that
Enable your defense is set to N
- Take option 7 (Start Logging)
- Perform some local FTP activities (local workstations connecting to the local IBM i):
all connections should work, provided that appropriate user profiles/passewords are used to login.
- Try to FTP login to your local IBM i from an outside workstation: FTP logging should be denied.
- Then use option 9 (Display log) to display the FTP log for the current day.